Method and system for anonymizing subsets selected from datasets of parameters relating to a plurality of network-connected devices

ABSTRACT

A method and a system for selecting an anonymized subset of parameters from datasets of network-connected devices are provided herein. The method may include: obtaining a plurality of datasets, comprising a set of parameters related to one of a plurality of network-connected devices; automatically selecting a subset of parameters from at least one of the datasets, wherein the selecting is based on specified selection criteria; calculating an autocorrelation of the selected subset of parameters; calculating a correlation of the selected subset of parameters and one or more subsets of parameters selected from the datasets relating to network-connected devices other than said one of the plurality of network-connected devices; and applying the correlation and the autocorrelation to a decision function to determine whether the selected subset of parameters is an anonymized subset that is insufficient for determining an identity of the one of the plurality of the network-connected devices.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a National Phase Application of PCT InternationalApplication No. PCT/IL2018/050789, International Filing Date Jul. 17,2018, entitled: “METHOD AND SYSTEM FOR ANONYMIZING SUBSETS SELECTED FROMDATASETS OF PARAMETERS RELATING TO A PLURALITY OF NETWORK-CONNECTEDDEVICES”, which claims the benefit of U.S. Provisional PatentApplication No. 62/533,156, filed Jul. 17, 2017, which is herebyincorporated by reference in its entirety.

FIELD OF THE INVENTION

The present invention relates generally to the anonymizing of datasetsof a plurality of network-connected devices, and more particularly toanonymizing same by selecting anonymized subsets of the datasets.

BACKGROUND OF THE INVENTION

As network-connected devices become more and more popular today in theso-called Internet of Things (IoT) domain, more data relating to thesenetwork-connected devices are available for processing and analysis. Inthe fast-emerging domain of connected cars, it is believed that much ofthis data shall and will play an important role on primary and secondarydata analysis vendors and clients.

For example, insurance companies will require specific data relating toactivities carried out by individuals whose identity needs to be known.However, much of the data collected from network-connected entities,such as connected vehicles, is not required in order for sufficientidentification of the entities or of the user associated with them.

In particular, many use cases actually need to be able to use collecteddata only provided that it has been anonymized in the sense that it isno longer possible to determine the identity of a specificnetwork-connected entity based on datasets of parameters derived fromit.

SUMMARY OF THE INVENTION

In accordance with some embodiments of the present invention, a methodand a system for selecting an anonymized subset of parameters fromdatasets of entities are provided herein. The method may include:obtaining a plurality of datasets, comprising a set of parametersrelated to one of a plurality of network-connected devices;automatically selecting a subset of parameters from at least one of thedatasets, wherein the selecting is based on specified selectioncriteria; calculating an autocorrelation of the selected subset ofparameters; calculating a correlation of the selected subset ofparameters and one or more subsets of parameters selected from thedatasets relating to network-connected devices other than said one ofthe plurality of network-connected devices; and applying the correlationand the autocorrelation to a decision function to determine whether theselected subset of parameters is an anonymized subset that isinsufficient for determining an identity of the one of the plurality ofthe network-connected devices.

BRIEF DESCRIPTION OF THE DRAWINGS

The subject matter regarded as the invention is particularly pointed outand distinctly claimed in the concluding portion of the specification.The invention, however, both as to organization and method of operation,together with objects, features, and advantages thereof, may best beunderstood by reference to the following detailed description when readwith the accompanying drawings in which:

FIG. 1A is a block diagram illustrating non-limiting exemplaryarchitecture of a system in accordance with some embodiments of thepresent invention;

FIG. 1B is a block diagram illustrating another non-limiting exemplaryarchitecture of a system in accordance with some embodiments of thepresent invention;

FIG. 2 is a high-level flowchart illustrating non-limiting exemplarymethod in accordance with embodiments of the present invention; and

FIG. 3 is a high-level flowchart illustrating another non-limitingexemplary method in accordance with embodiments of the presentinvention.

It will be appreciated that, for simplicity and clarity of illustration,elements shown in the figures have not necessarily been drawn to scale.For example, the dimensions of some of the elements may be exaggeratedrelative to other elements for clarity. Further, where consideredappropriate, reference numerals may be repeated among the figures toindicate corresponding or analogous elements.

DETAILED DESCRIPTION OF THE INVENTION

In the following description, various aspects of the present inventionwill be described. For purposes of explanation, specific configurationsand details are set forth in order to provide a thorough understandingof the present invention. However, it will also be apparent to oneskilled in the art that the present invention may be practiced withoutthe specific details presented herein. Furthermore, well known featuresmay be omitted or simplified in order not to obscure the presentinvention.

Unless specifically stated otherwise, as apparent from the followingdiscussions, it is appreciated that throughout the specificationdiscussions utilizing terms such as “processing,” “computing,”“calculating,” “determining,” or the like, refer to the action and/orprocesses of a computer or computing system, or similar electroniccomputing device, that manipulates and/or transforms data represented asphysical, such as electronic, quantities within the computing system'sregisters and/or memories into other data similarly represented asphysical quantities within the computing system's memories, registers orother such information storage, transmission or display devices.

The term “correlation” as used herein is defined broadly as a dependenceor association of any statistical relationship, whether causal or not,between two random variables or bivariate data. Correlation is definedherein as any of a broad class of statistical relationships involvingdependence, and broader than its common usage referring to the extent towhich two variables have a linear relationship with each other. Term“auto correlation” is similarly defined broadly as such a dependence orassociation of variables with themselves.

The term “quotient” as used herein is defined broadly than its commonusage being the quantity produced by the division of two numbers and mayinclude any operator that includes a fraction or a ratio.

FIG. 1A is a block diagram illustrating non-limiting exemplaryarchitecture of a system in accordance with some embodiments of thepresent invention. System 100 may include a data processing module 120configured to obtain a plurality of datasets 10(1) to 10(N), eachdataset comprising a set of parameters related to one of a plurality ofnetwork-connected devices. System 100 may further include a computerprocessor 110 configured to: automatically select possibly via selectionmodule 130 a subset 20(1) of parameters from at least one of thedatasets relating to one of the plurality of network-connected devices,wherein the selecting is based on specified selection criteria 30;calculate possibly via calculation module 140 an autocorrelation of theselected subset of parameters; calculate possibly via calculation module140 a correlation of the selected subset of parameters and one or moresubsets of parameters selected from the datasets relating tonetwork-connected devices other than said one of the plurality ofnetwork-connected devices, based on selection criteria that areidentical to the specified selection criteria, to yield an output 40;and apply output 40 to decision function 150 to determine, based on thecorrelation and said autocorrelation and said selection criteria,whether said selected subset of parameters is an anonymized subset 50(1)to 50(M) that is insufficient for determining an identity of the one ofthe plurality of the network-connected devices.

According to some embodiments of the present invention, the decisionfunction may include an operator applied to the correlation and theautocorrelation and further applies a threshold on an outcome of saidoperator beyond which said selected subset of parameters is consideredan anonymized subset that is insufficient for determining an identity ofthe one of the plurality of the network-connected devices.

According to some embodiments of the present invention, in a case thatthat the output is not above said specified threshold, determining theselected subset of parameters as a subset that is sufficient fordetermining an identity of the one of the plurality of thenetwork-connected devices and revising the selection criteria to similarand non-identical selection criteria.

According to some embodiments of the present invention, said operator isdivision and said output is a quotient of the correlation divided bysaid autocorrelation, wherein in a case that said quotient is above aspecified threshold, determining said selected subset of parameters asan anonymized subset that is insufficient for determining an identity ofthe one of the plurality of the network-connected devices, and whereinin a case that that said quotient is not above said specified threshold,determining said selected subset of parameters as a subset that issufficient for determining an identity of the said one of the pluralityof the network-connected devices.

According to some embodiments of the present invention, the selectioncriteria include selecting a portion of a spatiotemporal space relatingto said plurality of network-connected devices.

According to some embodiments of the present invention, thenetwork-connected devices comprise connect vehicles and wherein saidparameters include at least one activity of said connected vehicles,wherein said activity is further associated with at least one of: timeof occurring, and location of occurring.

According to some embodiments of the present invention, the similar andnon-identical selection criteria comprise a partial overlap of portionsof a spatiotemporal space representing the respective selectioncriteria.

FIG. 1B is a block diagram illustrating another non-limiting exemplaryarchitecture of a system in accordance with some embodiments of thepresent invention. According to some embodiments of the presentinvention, a system 100B for anonymizing subsets selected from datasetsof parameters relating to a plurality of entities is provided herein.System 100B may be implemented by one or more computer processors 110Brunning a plurality of software modules. One such software module isdata processing module 120B configured to obtain a plurality of datasets10(1) to 10(N), each dataset includes a set of parameters related to oneof a plurality of entities which are physical entities that may be, butare not limited to, connected cars (not shown). Another such softwaremodule is a selection module 130B configured to automatically select asubset 20(1) of parameters from at least one of the datasets 10(1) to10(N) relating to one of the plurality of entities (in thisexample—entity to which database 10(1) relates) wherein the selecting isbased on specified selection criteria 30B.

In accordance with some embodiments of the present invention, yetanother software module included in system 100B may be a calculationmodule 140B configured to calculate an autocorrelation of the selectedsubset of parameters Calculation module 140B may be further configuredto calculate a correlation or any statistical function of the selectedsubset of parameters and one or more subsets of parameters selected fromthe datasets relating to entities other than said one of the pluralityof entities, based on selection criteria that are identical to saidspecified selection criteria. Calculation module 140B may be furtherconfigured to calculate a quotient 40B or any other operator or functionof the correlation divided by the autocorrelation.

In accordance with some embodiments of the present invention, yetanother software module present in system 100B is an anonymity module150B configured to determine the selected subset of parameters asanonymized subsets 50(1) to 50(M) wherein M is the number of datasetsand is independent of the number of network connected-devices N.

Any of anonymized subsets 50(1) to 50(M) are characterized in that theyare insufficient for determining an identity of the one of the pluralityof entities to which any of the original datasets 10(1) to 10(N) relate,in a case that its respective quotient 40B is above a specifiedthreshold. It is understood that anonymity module 150 does not changeany of the selected subsets (e.g., subset 20(1)) but rather determineswhether an already selected subset meets the anonymity requirementsbased on quotient 40 and the specified threshold which may rely uponsome probabilistic tolerance that is user defined and can be easilychanged.

In accordance with some embodiments of the present invention, in a casethat that quotient 40B is not above the specified threshold, theselected subset of parameters may be determined as a subset that issufficient for determining an identity of the said one of the pluralityof entities.

In a non-limiting example, the monitored parameters may include thegeographical location in which any given connected car, out of a pool of1000 cars, was detected to have its engine switched off within a timerange from 8:30 am to 10:30 am. It is assumed that this location mayindicate where people who work closely to each other park their car. Ifa certain car is located in one sample in a different location, itsautocorrelation will be a low value. The cross correlation, however,will be high, and thus quotient 40B value will be high, which indicatesan issue with anonymity. This is not surprising, as an individual carbeing parked somewhere else than its usual place serves as probabilisticindicator of the identity of that car.

In accordance with some embodiments of the present invention, in a casethat that said quotient is not above said specified threshold, themethod includes a step of revising the specified selection criteria andrepeating the operation of: data selection module 130B, calculatingmodule 140B, and anonymity module 150B with the revised specifiedselection criteria.

In accordance with some embodiments of the present invention, theselection criteria include selecting a portion of a spatiotemporal spacerelating to said plurality of entities.

In accordance with some embodiments of the present invention, entitiescomprise physical entities that are network-connected.

In accordance with some embodiments of the present invention, saidentities comprise connect cars, and said parameters include at least oneactivity of said connected cars, wherein said activity is furtherassociated with at least one of: time of occurring, and location ofoccurring.

In accordance with some embodiments of the present invention, saidsimilar and non-identical selection criteria comprise a partial overlapof portions of a spatiotemporal space representing the respectiveselection criteria. Thus, in a non-limiting example, the selectioncriteria may include a period of two weeks for all entities, of aspecified radius measured from a specified point on a map or both.

FIG. 2 is a high-level flowchart illustrating non-limiting exemplarymethod 200 for anonymizing subsets selected from datasets of parametersrelating to a plurality of network-connected devices in accordance withsome embodiments of the present invention Method 200 may include thefollowing steps: obtaining a plurality of datasets, each datasetcomprising a set of parameters related to one of a plurality ofnetwork-connected devices 210; automatically selecting a subset ofparameters from at least one of the datasets relating to one of theplurality of network-connected devices, wherein the selecting is basedon specified selection criteria 220; calculating an auto correlation ofthe selected subset of parameters 230; calculating a correlation of theselected subset of parameters and one or more subsets of parametersselected from the datasets relating to network-connected devices otherthan said one of the plurality of network-connected devices, based onselection criteria that are identical to said specified selectioncriteria 240; and applying the correlation and said autocorrelation to adecision function to determine, based on the correlation and saidautocorrelation and said selection criteria, whether said selectedsubset of parameters is an anonymized subset that is insufficient fordetermining an identity of said one of the plurality of thenetwork-connected devices 250.

FIG. 3 is a high-level flowchart illustrating non-limiting exemplarymethod 300 for anonymizing subsets selected from datasets of parametersrelating to a plurality of network-connected devices in accordance withsome embodiments of the present invention. Method 300 may include:obtaining a plurality of datasets, each dataset comprising a set ofparameters related to one of a plurality of network-connected devices310; automatically selecting a subset of parameters from at least one ofthe datasets relating to one of the plurality of network-connecteddevices, and wherein the selecting is based on specified selectioncriteria 320; calculating an autocorrelation of the selected subset ofparameters and another subset of parameters selected from the datasetsrelating to said one of the plurality of network-connected devices,based on selection criteria that are similar but non-identical to saidspecified selection criteria 330; calculating a cross-correlation of theselected subset of parameters and one or more subsets of parametersselected from the datasets relating to network-connected devices otherthan said one of the plurality of network-connected devices, based onselection criteria that are identical to said specified selectioncriteria 340; calculating a quotient of the cross-correlation divided bysaid autocorrelation 350; and in a case that said quotient is above aspecified threshold, determining said selected subset of parameters asan anonymized subset that is insufficient for determining an identity ofthe said one of the plurality of network-connected devices 360. In thiscase, method 300 goes on to either update the selection criteria oreliminate the offending parameter (the one that because of it,anonymization cannot be achieved) as in step 355. Then the method goesback to step 320 but with updated criteria or parameters.

In accordance with some embodiments of the present invention, in a casethat that said quotient is not above said specified threshold, themethod includes determining said selected subset of parameters as asubset that is sufficient for determining an identity of the said one ofthe plurality of network-connected devices 370.

In accordance with some embodiments of the present invention, in a casethat that said quotient is not above said specified threshold, themethod includes revising the specified selection criteria and repeatingsteps of the method with the revised specified selection criteria.

In accordance with some embodiments of the present invention, methods200 and 300 may be effectively implemented using a non-transitorycomputer readable medium that includes a set of instructions that whenexecuted cause at least one computer processor to: obtain a plurality ofdatasets, each dataset comprising a set of parameters related to one ofa plurality of network-connected devices; automatically select a subsetof parameters from at least one of the datasets relating to one of theplurality of network-connected devices, wherein the selecting is basedon specified selection criteria; calculate an autocorrelation of theselected subset of parameters; calculate a correlation of the selectedsubset of parameters and one or more subsets of parameters selected fromthe datasets relating to network-connected devices other than the one ofthe plurality of network-connected devices, based on selection criteriathat are identical to said specified selection criteria; and apply thecorrelation and the autocorrelation to a decision function to determine,based on the correlation and the autocorrelation and the selectioncriteria, whether the selected subset of parameters is an anonymizedsubset that is insufficient for determining an identity of the one ofthe plurality of the network-connected devices.

In order to implement the aforementioned method and non-transitorycomputer readable medium according to some embodiments of the presentinvention, a computer processor may receive instructions and data from aread-only memory or a random-access memory or both. At least one ofaforementioned steps is performed by at least one processor associatedwith a computer. The essential elements of a computer are a processorfor executing instructions and one or more memories for storinginstructions and data. Generally, a computer will also include, or beoperatively coupled to communicate with, one or more mass storagedevices for storing data files. Storage modules suitable for tangiblyembodying computer program instructions and data include all forms ofnon-volatile memory, including by way of example semiconductor memorydevices, such as EPROM, EEPROM, and flash memory devices and alsomagneto-optic storage devices.

As will be appreciated by one skilled in the art, some aspects of thepresent invention may be embodied as a system, method or computerprogram product. Accordingly, some aspects of the present invention maytake the form of an entirely hardware embodiment, an entirely softwareembodiment (including firmware, resident software, micro-code, etc.) oran embodiment combining software and hardware aspects that may allgenerally be referred to herein as a “circuit,” “module” or “system.”Furthermore, some aspects of the present invention may take the form ofa computer program product embodied in one or more computer readablemedium(s) having computer readable program code embodied thereon.

Any combination of one or more computer readable medium(s) may beutilized. The computer readable medium may be a computer readable signalmedium or a computer readable storage medium. A computer readablestorage medium may be, for example, but not limited to, an electronic,magnetic, optical, electromagnetic, infrared, or semiconductor system,apparatus, or device, or any suitable combination of the foregoing. Morespecific examples (a non-exhaustive list) of the computer readablestorage medium would include the following: an electrical connectionhaving one or more wires, a portable computer diskette, a hard disk, arandom access memory (RAM), a read-only memory (ROM), an erasableprogrammable read-only memory (EPROM or Flash memory), an optical fiber,a portable compact disc read-only memory (CD-ROM), an optical storagedevice, a magnetic storage device, or any suitable combination of theforegoing. In the context of this document, a computer readable storagemedium may be any tangible medium that can contain or store a programfor use by or in connection with an instruction execution system,apparatus, or device.

Program code embodied on a computer readable medium may be transmittedusing any appropriate medium, including but not limited to wireless,wire-line, optical fiber cable, RF, etc., or any suitable combination ofthe foregoing.

Computer program code for carrying out operations for aspects of thepresent invention may be written in any combination of one or moreprogramming languages, including an object-oriented programming languagesuch as Java, Smalltalk, C++, Python or the like and conventionalprocedural programming languages, such as the “C” programming languageor similar programming languages. The program code may execute entirelyon the user's computer, partly on the user's computer, as a stand-alonesoftware package, partly on the user's computer and partly on a remotecomputer or entirely on the remote computer or server. In the latterscenario, the remote computer may be connected to the user's computerthrough any type of network, including a local area network (LAN) or awide area network (WAN), or the connection may be made to an externalcomputer (for example, through the Internet using an Internet ServiceProvider).

Some aspects of the present invention are described above with referenceto flowchart illustrations and/or portion diagrams of methods, apparatus(systems) and computer program products according to some embodiments ofthe invention. It will be understood that each portion of the flowchartillustrations and/or portion diagrams, and combinations of portions inthe flowchart illustrations and/or portion diagrams, can be implementedby computer program instructions. These computer program instructionsmay be provided to a processor of a general-purpose computer, specialpurpose computer, or other programmable data processing apparatus toproduce a machine, such that the instructions, which execute via theprocessor of the computer or other programmable data processingapparatus, create means for implementing the functions/acts specified inthe flowchart and/or portion diagram portion or portions.

These computer program instructions may also be stored in a computerreadable medium that can direct a computer, other programmable dataprocessing apparatus, or other devices to function in a particularmanner, such that the instructions stored in the computer readablemedium produce an article of manufacture including instructions whichimplement the function/act specified in the flowchart and/or portiondiagram portion or portions.

The computer program instructions may also be loaded onto a computer,other programmable data processing apparatus, or other devices to causea series of operational steps to be performed on the computer, otherprogrammable apparatus or other devices to produce a computerimplemented process such that the instructions which execute on thecomputer or other programmable apparatus provide processes forimplementing the functions/acts specified in the flowchart and/orportion diagram portion or portions.

The aforementioned flowchart and diagrams illustrate the architecture,functionality, and operation of possible implementations of systems,methods and computer program products according to various embodimentsof the present invention. In this regard, each portion in the flowchartor portion diagrams may represent a module, segment, or portion of code,which comprises one or more executable instructions for implementing thespecified logical function(s). It should also be noted that, in somealternative implementations, the functions noted in the portion mayoccur out of the order noted in the figures. For example, two portionsshown in succession may, in fact, be executed substantiallyconcurrently, or the portions may sometimes be executed in the reverseorder, depending upon the functionality involved. It will also be notedthat each portion of the portion diagrams and/or flowchart illustration,and combinations of portions in the portion diagrams and/or flowchartillustration, can be implemented by special purpose hardware-basedsystems that perform the specified functions or acts, or combinations ofspecial purpose hardware and computer instructions.

In the above description, an embodiment is an example or implementationof the inventions. The various appearances of “one embodiment,” “anembodiment” or “some embodiments” do not necessarily all refer to thesame embodiments.

Although various features of the invention may be described in thecontext of a single embodiment, the features may also be providedseparately or in any suitable combination. Conversely, although theinvention may be described herein in the context of separate embodimentsfor clarity, the invention may also be implemented in a singleembodiment.

Reference in the specification to “some embodiments”, “an embodiment”,“one embodiment” or “other embodiments” means that a particular feature,structure, or characteristic described in connection with theembodiments is included in at least some embodiments, but notnecessarily all embodiments, of the inventions.

It is to be understood that the phraseology and terminology employedherein is not to be construed as limiting and are for descriptivepurpose only.

The principles and uses of the teachings of the present invention may bebetter understood with reference to the accompanying description,figures and examples.

It is to be understood that the details set forth herein do not construea limitation to an application of the invention.

Furthermore, it is to be understood that the invention can be carriedout or practiced in various ways and that the invention can beimplemented in embodiments other than the ones outlined in thedescription above.

It is to be understood that the terms “including”, “comprising”,“consisting” and grammatical variants thereof do not preclude theaddition of one or more components, features, steps, or integers orgroups thereof and that the terms are to be construed as specifyingcomponents, features, steps or integers.

If the specification or claims refer to “an additional” element, thatdoes not preclude there being more than one of the additional elements.

It is to be understood that where the claims or specification refer to“a” or “an” element, such reference is not be construed that there isonly one of that element.

It is to be understood that where the specification states that acomponent, feature, structure, or characteristic “may”, “might”, “can”or “could” be included, that particular component, feature, structure,or characteristic is not required to be included.

Where applicable, although state diagrams, flow diagrams or both may beused to describe embodiments, the invention is not limited to thosediagrams or to the corresponding descriptions. For example, flow neednot move through each illustrated box or state, or in exactly the sameorder as illustrated and described.

Some methods of the present invention may be implemented by performingor completing manually, automatically, or a combination thereof,selected steps or tasks.

The term “method” may refer to manners, means, techniques and proceduresfor accomplishing a given task including, but not limited to, thosemanners, means, techniques and procedures either known to, or readilydeveloped from known manners, means, techniques and procedures bypractitioners of the art to which the invention belongs.

The descriptions, examples, methods and materials presented in theclaims and the specification are not to be construed as limiting butrather as illustrative only.

Meanings of technical and scientific terms used herein are to becommonly understood as by one of ordinary skill in the art to which theinvention belongs, unless otherwise defined.

The present invention may be implemented in the testing or practice withmethods and materials equivalent or similar to those described herein.

Any publications, including patents, patent applications and articles,referenced or mentioned in this specification are herein incorporated intheir entirety into the specification, to the same extent as if eachindividual publication was specifically and individually indicated to beincorporated herein. In addition, citation or identification of anyreference in the description of some embodiments of the invention shallnot be construed as an admission that such reference is available asprior art to the present invention.

While the invention has been described with respect to a limited numberof embodiments, these should not be construed as limitations on thescope of the invention, but rather as exemplifications of some of thepreferred embodiments. Other possible variations, modifications, andapplications are also within the scope of the invention. Accordingly,the scope of the invention should not be limited by what has thus farbeen described, but by the appended claims and their legal equivalents.

The invention claimed is:
 1. A method comprising: obtaining a pluralityof datasets, each dataset comprising a set of parameters related to oneof a plurality of network-connected devices; automatically selecting asubset of parameters from at least one of the datasets relating to oneof the plurality of network-connected devices, wherein the selecting isbased on specified selection criteria; calculating an autocorrelation ofthe selected subset of parameters; calculating a correlation of theselected subset of parameters and one or more subsets of parametersselected from the datasets relating to network-connected devices otherthan said one of the plurality of network-connected devices, based onselection criteria that are identical to said specified selectioncriteria; applying said correlation and said autocorrelation to adecision function to determine, based on said correlation and saidautocorrelation and said selection criteria, whether said selectedsubset of parameters is an anonymized subset that is insufficient fordetermining an identity of said one of the plurality of thenetwork-connected devices.
 2. The method according to claim 1, whereinsaid decision function comprises an operator applied to said correlationand said autocorrelation and further applies a threshold on an outcomeof said operator beyond which said selected subset of parameters isconsidered an anonymized subset that is insufficient for determining anidentity of the said one of the plurality of the network-connecteddevices.
 3. The method according to claim 2, wherein in a case that saidoutcome is not above said specified threshold, determining said selectedsubset of parameters as a subset that is sufficient for determining anidentity of the said one of the plurality of the network-connecteddevices and revising said selection criteria to similar andnon-identical selection criteria.
 4. The method according to claim 2,wherein said operator is division and said outcome is a quotient of saidcorrelation divided by said autocorrelation, wherein in a case that saidquotient is above a specified threshold, determining said selectedsubset of parameters as an anonymized subset that is insufficient fordetermining an identity of the said one of the plurality of thenetwork-connected devices, and wherein in a case that said quotient isnot above said specified threshold, determining said selected subset ofparameters as a subset that is sufficient for determining an identity ofthe said one of the plurality of the network-connected devices.
 5. Themethod according to claim 1, wherein the selection criteria includeselecting a portion of a spatiotemporal space relating to said pluralityof network-connected devices.
 6. The method according to claim 1,wherein said network-connected devices comprise connect vehicles andwherein said parameters include at least one activity of said connectedvehicles, wherein said activity is further associated with at least oneof: time of occurring, and location of occurring.
 7. The methodaccording to claim 3, wherein said similar and non-identical selectioncriteria comprise a partial overlap of portions of a spatiotemporalspace representing the respective selection criteria.
 8. A systemcomprising: a computer memory configured to obtain a plurality ofdatasets, each dataset comprising a set of parameters related to one ofa plurality of network-connected devices; and a computer processorconfigured to: automatically select a subset of parameters from at leastone of the datasets relating to one of the plurality ofnetwork-connected devices, wherein the selecting is based on specifiedselection criteria; calculate an autocorrelation of the selected subsetof parameters; calculate a correlation of the selected subset ofparameters and one or more subsets of parameters selected from thedatasets relating to network-connected devices other than said one ofthe plurality of network-connected devices, based on selection criteriathat are identical to said specified selection criteria; and apply saidcorrelation and said autocorrelation to a decision function todetermine, based on said correlation and said autocorrelation and saidselection criteria, whether said selected subset of parameters is ananonymized subset that is insufficient for determining an identity ofsaid one of the plurality of the network-connected devices.
 9. Thesystem according to claim 8, wherein said decision function comprises anoperator applied to said correlation and said autocorrelation andfurther applies a threshold on an outcome of said operator beyond whichsaid selected subset of parameters is considered an anonymized subsetthat is insufficient for determining an identity of the said one of theplurality of the network-connected devices.
 10. The system according toclaim 9, wherein in a case that said outcome is not above said specifiedthreshold, determining said selected subset of parameters as a subsetthat is sufficient for determining an identity of the said one of theplurality of the network-connected devices and revising said selectioncriteria to similar and non-identical selection criteria.
 11. The systemaccording to claim 9, wherein said operator is division and said outcomeis a quotient of said correlation divided by said autocorrelation,wherein in a case that said quotient is above a specified threshold,determining said selected subset of parameters as an anonymized subsetthat is insufficient for determining an identity of the said one of theplurality of the network-connected devices, and wherein in a case thatsaid quotient is not above said specified threshold, determining saidselected subset of parameters as a subset that is sufficient fordetermining an identity of the said one of the plurality of thenetwork-connected devices.
 12. The system according to claim 9, whereinthe selection criteria include selecting a portion of a spatiotemporalspace relating to said plurality of network-connected devices.
 13. Thesystem according to claim 8, wherein said network-connected devicescomprise connect vehicles and wherein said parameters include at leastone activity of said connected vehicles, wherein said activity isfurther associated with at least one of: time of occurring, and locationof occurring.
 14. The system according to claim 10, wherein said similarand non-identical selection criteria comprise a partial overlap ofportions of a spatiotemporal space representing the respective selectioncriteria.
 15. A non-transitory computer readable medium comprising a setof instructions that when executed cause at least one computer processorto: obtain a plurality of datasets, each dataset comprising a set ofparameters related to one of a plurality of network-connected devices;automatically select a subset of parameters from at least one of thedatasets relating to one of the plurality of network-connected devices,wherein the selecting is based on specified selection criteria;calculate an autocorrelation of the selected subset of parameters;calculate a correlation of the selected subset of parameters and one ormore subsets of parameters selected from the datasets relating tonetwork-connected devices other than said one of the plurality ofnetwork-connected devices, based on selection criteria that areidentical to said specified selection criteria; and apply saidcorrelation and said autocorrelation to a decision function todetermine, based on said correlation and said autocorrelation and saidselection criteria, whether said selected subset of parameters is ananonymized subset that is insufficient for determining an identity ofsaid one of the plurality of the network-connected devices.
 16. Thenon-transitory computer readable medium according to claim 15, whereinsaid decision function comprises an operator applied to said correlationand said autocorrelation and further applies a threshold on an outcomeof said operator beyond which said selected subset of parameters isconsidered an anonymized subset that is insufficient for determining anidentity of the said one of the plurality of the network-connecteddevices.
 17. The non-transitory computer readable medium according toclaim 16, wherein in a case that said outcome is not above saidspecified threshold, determining said selected subset of parameters as asubset that is sufficient for determining an identity of the said one ofthe plurality of the network-connected devices and revising saidselection criteria to similar and non-identical selection criteria. 18.The non-transitory computer readable medium according to claim 16,wherein said operator is division and said outcome is a quotient of saidcorrelation divided by said autocorrelation, wherein in a case that saidquotient is above a specified threshold, determining said selectedsubset of parameters as an anonymized subset that is insufficient fordetermining an identity of the said one of the plurality of thenetwork-connected devices, and wherein in a case that said quotient isnot above said specified threshold, determining said selected subset ofparameters as a subset that is sufficient for determining an identity ofthe said one of the plurality of the network-connected devices.
 19. Thenon-transitory computer readable medium according to claim 16, whereinthe selection criteria include selecting a portion of a spatiotemporalspace relating to said plurality of network-connected devices.
 20. Thenon-transitory computer readable medium according to claim 15, whereinsaid network-connected devices comprise connect vehicles and whereinsaid parameters include at least one activity of said connectedvehicles, wherein said activity is further associated with at least oneof: time of occurring, and location of occurring.
 21. The systemnon-transitory computer readable medium to claim 17, wherein saidsimilar and non-identical selection criteria comprise a partial overlapof portions of a spatiotemporal space representing the respectiveselection criteria.